Security & Smart Card Forum Discussions

Hello guys,

I tried to use the infineon TPM utility to test TPM ( https://github.com/Infineon/eltt2?tab=readme-ov-file ),

based on Ubuntu: 22.04, kernel: 6.2.0-36-generic, but the test result is failed as below:

and I already checked kernel 5.15 is PASS, so could anybody know what's the problem on kernel 6.2 ?

smartconx_target@Q!w2e3r4t5y6u7i8o9p0||/t5/OPTIGA-TPM/Module-TPM-2-0-SLB-9670-XQ-2-0-used-the-infineon-TPM-utility-to-test-TPM-failed/td-p/706081

Good day,

I want to develop an application for an academic project, and I want to use the OPTIGA Trust M chip. However, I am considering implementing it with the WLC1115 chip as the transmitter. My question is whether it's possible to make this implementation and if the application I want to develop is feasible with these two chips.

Application: I want to authenticate the transmitter with the receiver in such a way that the receiver can only be used with that transmitter and vice versa.

I also want to know if I would need to implement the OPTIGA Trust M chip both in the Tx and Rx.

Thank you for your responses.

Is an Optiga TPM the recommended secure element for a TI based DSP system?

Does Infineon offer application notes or examples to avoid easy mis-steps when attempting to secure a DSP based system?

A helpful document on 'Open Source TPM Support' was helpful, but would prefer existing knowledge on this particular case if available. Reference https://www.infineon.com/dgdl/Linux%20and%20Open%20Source%20activities%20for%20Trusted%20Computing%20and%20TPM%20applications.pdf?fileId=db3a304412b407950112b4165abb2043 

Greg

sh write_default_shared_secret.sh
write_default_shared_secret.sh: 2: source: not found
rm: cannot remove '*.dat': No such file or directory
Generate default shared secret

Bypass Shielded Communication.
shm_open: Permission denied
Segmentation fault

for the attached links ( https://www.infineon.com/dgdl/Infineon-Customer_presentation_OPTIGA_TPM_SLB_9672-Presentations-v01_00-EN.pdf?fileId=8ac78c8c8afe5bd0018b180e3f2535ff ) & ( https://www.infineon.com/dgdl/Infineon-Customer_presentation_OPTIGA_TPM_SLB_9673-Presentations-v01_00-EN.pdf?fileId=8ac78c8c8afe5bd0018b18b4cb5c396a) , i need to know if all the series ( SLB 9670 & SLB 9672 & SLB 9673 ) have ( 2035 ) PLP or availability expected based on these links or not?

This seems similar to some other threads I've found:

* https://community.infineon.com/t5/OPTIGA-TPM/SLB-9665TT2-0-SHA256-Linux-support/td-p/398514

* https://answers.microsoft.com/en-us/insider/forum/all/bug-of-the-bootloaderfwefi-the-new-version/e28b2930-2d17-4338-befe-6a787410d1d6

Platform is a Gigabyte z97x-ud3h motherboard with an updated bios with tpm2.0 support.

SLB9665 has been updated to TPM20_5.63.3353.0.

With hashpolicy set to sha1 in the uefi, everything works perfectly, except for the obvious issue that sha1 is being used.

When set to sha2, the uefi indeed populates sha256 banks 0-7 and 11. However, Windows 11 still tries to use the sha1 bank for some reason, which obviously does not work.

As suggested in the other thread, I was able to use pcr_allocate to configure only a sha256 bank. And yet, Windows still "uses" sha1, which again fails.

How can I further troubleshoot? Is there some variable that needs adjusting with the tpm?

Thanks

Hello,
We are currently working on tpm2.0 for SLB9673 , as this is new to us we would like to know whether SLB9673 supports disk encryption.
If so, could you provide  us a brief explanation about disk encryption process that is performed and the necessary steps/procedure that is to be followed to perform the same.

Thanks and Regards,
Mythreyi 

Is SLB 9665TT2.0 compatible with ESXi version 8? The requirements are as follows:

• TPM 2.0
• SHA-256 hashing algorithm - SHA1 is not supported
• TIS/FIFO (First-In, First-Out) interface and not CRB (Command Response Buffer) - CRB is a no no according to VMWare docs.